From 068b115abc8ed549fc966a989b9c6ab7d0ce2085 Mon Sep 17 00:00:00 2001
From: arjunajesh <34989598+arjunajesh@users.noreply.github.com>
Date: Sat, 24 Jun 2023 20:06:54 -0400
Subject: [PATCH 1/2] added azure domain parameter

---
 changelog/unreleased/issue-2468  |  6 ++++++
 doc/030_preparing_a_new_repo.rst |  7 +++++++
 doc/040_backup.rst               |  1 +
 internal/backend/azure/azure.go  |  8 +++++++-
 internal/backend/azure/config.go | 14 +++++++++-----
 5 files changed, 30 insertions(+), 6 deletions(-)
 create mode 100644 changelog/unreleased/issue-2468

diff --git a/changelog/unreleased/issue-2468 b/changelog/unreleased/issue-2468
new file mode 100644
index 000000000..5a2cafc85
--- /dev/null
+++ b/changelog/unreleased/issue-2468
@@ -0,0 +1,6 @@
+Enhancement: Add support for non-global Azure clouds
+
+Restic backups on azure only worked for storages on the global domain `core.windows.net`. This meant that backups to other domains such as Azure China (`core.chinacloudapi.cn') were not supported. Restic now allows overriding the global domain using the environment variable `AZURE_ENDPOINT_SUFFIX'.
+
+https://github.com/restic/restic/issues/2468
+https://github.com/restic/restic/pull/4387
diff --git a/doc/030_preparing_a_new_repo.rst b/doc/030_preparing_a_new_repo.rst
index a871ee507..52b20a788 100644
--- a/doc/030_preparing_a_new_repo.rst
+++ b/doc/030_preparing_a_new_repo.rst
@@ -537,6 +537,13 @@ or
     $ export AZURE_ACCOUNT_NAME=<ACCOUNT_NAME>
     $ export AZURE_ACCOUNT_SAS=<SAS_TOKEN>
 
+Restic will use Azure's global domain ``core.windows.net`` by default. You can specify other
+domains to be used like so:
+
+.. code-block:: console
+
+    $export AZURE_ENDPOINT_SUFFIX=<ENDPOINT_SUFFIX>
+
 Afterwards you can initialize a repository in a container called ``foo`` in the
 root path like this:
 
diff --git a/doc/040_backup.rst b/doc/040_backup.rst
index c09307da0..c52fec8c4 100644
--- a/doc/040_backup.rst
+++ b/doc/040_backup.rst
@@ -614,6 +614,7 @@ environment variables. The following lists these environment variables:
     AZURE_ACCOUNT_NAME                  Account name for Azure
     AZURE_ACCOUNT_KEY                   Account key for Azure
     AZURE_ACCOUNT_SAS                   Shared access signatures (SAS) for Azure
+    AZURE_ENDPOINT_SUFFIX               Domain of Azure Storage (default: core.windows.net)
 
     GOOGLE_PROJECT_ID                   Project ID for Google Cloud Storage
     GOOGLE_APPLICATION_CREDENTIALS      Application Credentials for Google Cloud Storage (e.g. $HOME/.config/gs-secret-restic-key.json)
diff --git a/internal/backend/azure/azure.go b/internal/backend/azure/azure.go
index a9267a945..661dd505d 100644
--- a/internal/backend/azure/azure.go
+++ b/internal/backend/azure/azure.go
@@ -53,7 +53,13 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 	var client *azContainer.Client
 	var err error
 
-	url := fmt.Sprintf("https://%s.blob.core.windows.net/%s", cfg.AccountName, cfg.Container)
+	var endpointSuffix string
+	if cfg.EndpointSuffix != "" {
+		endpointSuffix = cfg.EndpointSuffix
+	} else {
+		endpointSuffix = "core.windows.net"
+	}
+	url := fmt.Sprintf("https://%s.blob.%s/%s", cfg.AccountName, endpointSuffix, cfg.Container)
 	opts := &azContainer.ClientOptions{
 		ClientOptions: azcore.ClientOptions{
 			Transport: &http.Client{Transport: rt},
diff --git a/internal/backend/azure/config.go b/internal/backend/azure/config.go
index 6786ec626..5284572e9 100644
--- a/internal/backend/azure/config.go
+++ b/internal/backend/azure/config.go
@@ -13,11 +13,12 @@ import (
 // Config contains all configuration necessary to connect to an azure compatible
 // server.
 type Config struct {
-	AccountName string
-	AccountSAS  options.SecretString
-	AccountKey  options.SecretString
-	Container   string
-	Prefix      string
+	AccountName    string
+	AccountSAS     options.SecretString
+	AccountKey     options.SecretString
+	EndpointSuffix string
+	Container      string
+	Prefix         string
 
 	Connections uint `option:"connections" help:"set a limit for the number of concurrent connections (default: 5)"`
 }
@@ -71,4 +72,7 @@ func (cfg *Config) ApplyEnvironment(prefix string) {
 	if cfg.AccountSAS.String() == "" {
 		cfg.AccountSAS = options.NewSecretString(os.Getenv(prefix + "AZURE_ACCOUNT_SAS"))
 	}
+	if cfg.EndpointSuffix == "" {
+		cfg.EndpointSuffix = os.Getenv("AZURE_ENDPOINT_SUFFIX")
+	}
 }

From e36d17a6f852e4b19359ae82db4e7321698f4eb7 Mon Sep 17 00:00:00 2001
From: Michael Eischer <michael.eischer@fau.de>
Date: Fri, 7 Jul 2023 23:09:44 +0200
Subject: [PATCH 2/2] azure: tweak documentation for endpoint suffix

---
 changelog/unreleased/issue-2468  | 6 +++++-
 doc/030_preparing_a_new_repo.rst | 6 +++---
 doc/040_backup.rst               | 2 +-
 internal/backend/azure/config.go | 3 ++-
 4 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/changelog/unreleased/issue-2468 b/changelog/unreleased/issue-2468
index 5a2cafc85..56555a136 100644
--- a/changelog/unreleased/issue-2468
+++ b/changelog/unreleased/issue-2468
@@ -1,6 +1,10 @@
 Enhancement: Add support for non-global Azure clouds
 
-Restic backups on azure only worked for storages on the global domain `core.windows.net`. This meant that backups to other domains such as Azure China (`core.chinacloudapi.cn') were not supported. Restic now allows overriding the global domain using the environment variable `AZURE_ENDPOINT_SUFFIX'.
+Restic backups on Azure only supported storages using the global domain
+`core.windows.net`. This meant that backups to other domains such as Azure
+China (`core.chinacloudapi.cn') or Azure Germany (`core.cloudapi.de`) were
+not supported. Restic now allows overriding the global domain using the 
+environment variable `AZURE_ENDPOINT_SUFFIX'.
 
 https://github.com/restic/restic/issues/2468
 https://github.com/restic/restic/pull/4387
diff --git a/doc/030_preparing_a_new_repo.rst b/doc/030_preparing_a_new_repo.rst
index 52b20a788..c944264c8 100644
--- a/doc/030_preparing_a_new_repo.rst
+++ b/doc/030_preparing_a_new_repo.rst
@@ -537,12 +537,12 @@ or
     $ export AZURE_ACCOUNT_NAME=<ACCOUNT_NAME>
     $ export AZURE_ACCOUNT_SAS=<SAS_TOKEN>
 
-Restic will use Azure's global domain ``core.windows.net`` by default. You can specify other
-domains to be used like so:
+Restic will by default use Azure's global domain ``core.windows.net`` as endpoint suffix.
+You can specify other suffixes as follows:
 
 .. code-block:: console
 
-    $export AZURE_ENDPOINT_SUFFIX=<ENDPOINT_SUFFIX>
+    $ export AZURE_ENDPOINT_SUFFIX=<ENDPOINT_SUFFIX>
 
 Afterwards you can initialize a repository in a container called ``foo`` in the
 root path like this:
diff --git a/doc/040_backup.rst b/doc/040_backup.rst
index c52fec8c4..7856875f0 100644
--- a/doc/040_backup.rst
+++ b/doc/040_backup.rst
@@ -614,7 +614,7 @@ environment variables. The following lists these environment variables:
     AZURE_ACCOUNT_NAME                  Account name for Azure
     AZURE_ACCOUNT_KEY                   Account key for Azure
     AZURE_ACCOUNT_SAS                   Shared access signatures (SAS) for Azure
-    AZURE_ENDPOINT_SUFFIX               Domain of Azure Storage (default: core.windows.net)
+    AZURE_ENDPOINT_SUFFIX               Endpoint suffix for Azure Storage (default: core.windows.net)
 
     GOOGLE_PROJECT_ID                   Project ID for Google Cloud Storage
     GOOGLE_APPLICATION_CREDENTIALS      Application Credentials for Google Cloud Storage (e.g. $HOME/.config/gs-secret-restic-key.json)
diff --git a/internal/backend/azure/config.go b/internal/backend/azure/config.go
index 5284572e9..d819b35aa 100644
--- a/internal/backend/azure/config.go
+++ b/internal/backend/azure/config.go
@@ -72,7 +72,8 @@ func (cfg *Config) ApplyEnvironment(prefix string) {
 	if cfg.AccountSAS.String() == "" {
 		cfg.AccountSAS = options.NewSecretString(os.Getenv(prefix + "AZURE_ACCOUNT_SAS"))
 	}
+
 	if cfg.EndpointSuffix == "" {
-		cfg.EndpointSuffix = os.Getenv("AZURE_ENDPOINT_SUFFIX")
+		cfg.EndpointSuffix = os.Getenv(prefix + "AZURE_ENDPOINT_SUFFIX")
 	}
 }